IT's Responsibility for Business Continuity

Columnist Penny Klein says IT administrators are not stepping up to the plate and implementing Continuity of Operations plans. And it could cost the business.
Posted November 28, 2005
By

Penny Klein

Penny Klein


While watching television this past month, I saw a lot of notices about taking ''responsibility''. All the alcohol commercials remind you to drink responsibly. Car insurance commercials want you to drive responsibly and don't forget all the TV spots dedicated to financial responsibility.

And it's not confined to television ads. In the halls at work, I see signs that read, ''Security Begins with You'' and ''Remember, you are responsible for 'fill in the blank' ''.

With all the reminders of what we are responsible for as an individual, what I have failed to see is a lot of corporate responsibility when it comes to the Continuity of Operations.

And what do I mean by that? Well, I mean there's more to keeping a company running than holding onto data. Don't get me wrong... of course that's critical. But to keep operations running, you need to plan for personnel, communications, systems, logistics... It's a lot of planning and it needs to be done well ahead of any bad forecasts.

Aren't there regulations that mandate that kind of thing?

Well, Sarbanes-Oxley regulations are in place to ensure there is due diligence in the financial marketplace. And FISMA mandates that government agencies are securing their data and systems, as well as ensuring the continuity of operations, disaster recovery and business resumption plans are developed, maintained and tested.

So, I must be mistaken and corporate America has taken full responsibility for identifying, minimizing and correcting its security vulnerabilities. Right?

Sadly enough, not all businesses have stepped up to the plate when it comes to the Continuity of Operations.

I thought after Hurricane Katrina ripped through the Gulf States, leaving a wake of destruction, that all businesses outside the region would heave a sigh of relief, and then quickly develop disaster recovery plans. After that they'd work tirelessly on testing them and keeping them updated.

Some did. Many others did not.

And what about the businesses that were booming one day, and under water the next day? Where were their Disaster Recovery and Continuity of Operations plans?

Those who had their plans developed and in place were able to quickly implement them... and their businesses survived. Those who did not, or had not tested the plan for flaws, could not implement it successfully when needed. And more than likely, they will not be able to recover from the lost revenue.

With these lessons so fresh in our memories, I had expected IT administrators from both large and small organizations to be screaming for assistance in developing these business-saving plans. At least, I expected to see administrators dusting off their old plans and procedures and, on a good day, updating them and then putting those plans to the test.

I am not sure any of that has happened.

When I speak with my peers, they say they have not seen this trend. Sure, there's more talk about disaster recovery, although most do not take into account any of the business functions.

Business functions are as important to survivability as the company data. In today's environment, there are multiple sites that will take a company's data and restore it for them. However, data alone is not enough to keep a company afloat. The people and processes are necessary to manipulate the data into something meaningful.

For example, a unified command, chain of command, and span of control to manage the disaster recovery response is critical. And so is keeping all of that up and running... at all times.






0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.